Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive

| Date | Rubygem | Title | CVE |
|---|---|---|---|
| 2014-01-14 | ember-source | Ember.js Potential XSS Exploit With User-Supplied Data When Using {{group}} Helper | 2014-0014 |
| 2014-01-14 | echor | echor Gem for Ruby Process Listing Local Plaintext Credential Disclosure | 2014-1835 |
| 2014-01-08 | paratrooper-newrelic | Paratrooper-newrelic Gem for Ruby Process Listing API Key Local Disclosure | 2014-1234 |
| 2013-12-31 | flukso4r | flukso4r Gem for Ruby /lib/flukso/R.rb Arbitrary Command Execution | |
| 2013-12-26 | paratrooper-pingdom | paratrooper-pingdom Gem for Ruby /lib/paratrooper-pingdom.rb API Login Credentials Local Disclosure | 2014-1233 |
| 2013-12-24 | fat_free_crm | Fat Free CRM Gem for Ruby contains multiple cross-site request forgery (CSRF) vulnerabilities | 2013-7223 |
| 2013-12-24 | fat_free_crm | Fat Free CRM Gem for Ruby lack of support for cycling the Rails session secret | 2013-7222 |
| 2013-12-24 | fat_free_crm | Fat Free CRM Gem for Ruby allows remote attackers to inject or manipulate SQL queries | 2013-7225 |
| 2013-12-24 | fat_free_crm | Fat Free CRM Gem for Ruby allows remote attackers to obtain sensitive information | 2013-7224 |
| 2013-12-24 | fat_free_crm | Fat Free CRM Gem for Ruby allows remote attackers to obtain sensitive information | 2013-7249 |
| 2013-12-14 | nokogiri | Nokogiri Gem for JRuby Crafted XML Document Handling Infinite Loop Remote DoS | 2013-6460 |
| 2013-12-14 | bio-basespace-sdk | Bio Basespace SDK Gem for Ruby Command Line API Key Disclosure | 2013-7111 |
| 2013-12-14 | nokogiri | Nokogiri Gem for Ruby External Entity (XXE) Expansion Remote DoS | 2013-6461 |
| 2013-12-12 | webbynode | Webbynode Gem for Ruby notify.rb growlnotify Message Handling Arbitrary Command Execution | 2013-7086 |
| 2013-12-03 | i18n | i18n missing translation error message XSS | 2013-4492 |
| 2013-12-03 | actionpack | XSS Vulnerability in number_to_currency | 2013-6415 |
| 2013-12-03 | actionpack | Denial of Service Vulnerability in Action View | 2013-6414 |
| 2013-12-03 | actionpack | Reflective XSS Vulnerability in Ruby on Rails | 2013-4491 |
| 2013-12-03 | actionpack | XSS Vulnerability in simple_format helper | 2013-6416 |
| 2013-12-03 | actionpack | Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk) | 2013-6417 |
| 2013-12-02 | sprout | sprout Gem for Ruby archive_unpacker.rb unpack_zip() Function Multiple Parameter Arbitrary Code Execution | 2013-6421 |
| 2013-11-14 | omniauth-facebook | omniauth-facebook Gem for Ruby Insecure Access Token Handling Authentication Bypass | 2013-4593 |
| 2013-11-12 | omniauth-facebook | omniauth-facebook Gem for Ruby Unspecified CSRF | 2013-4562 |
| 2013-11-04 | gitlab-grit | GitLab Grit Gem for Ruby contains a flaw | 2013-4489 |
| 2013-10-29 | sup | Sup MUA Email Attachment Content Type Handling Arbitrary Command Execution | 2013-4479 |
| 2013-10-29 | sup | Sup MUA Email Attachment Content Type Handling Arbitrary Command Execution | 2013-4478 |
| 2013-10-22 | cocaine | Cocaine Gem for Ruby contains a flaw | 2013-4457 |
| 2013-10-16 | actionmailer | Action Mailer Gem for Ruby contains a possible DoS Vulnerability | 2013-4389 |
| 2013-10-08 | wicked | Wicked Gem for Ruby contains a flaw | 2013-4413 |
| 2013-10-01 | aescrypt | Vulnerability in aescrypt because IV is not randomized | 2013-7463 |